Active CookieBomb, CVE-2013-2465 and Reveton

This is the second QuickAnalysis post after the one by evilcry. During my daily urlquery investigation (http://urlquery.net/report.php?id=5098255), I came across a website infected by the CookieBomb injection payload: hxxp://first-care-1.com/ The JS inside the index page is, obviously, obfuscated; after deobfuscation we have this: The code above clearly shows a classical CookieBomb JavaScript infection. What is […]

Analysis of CVE-2010-0188 PDF from RedKit ExploitKit

After noticing a substantial increase in RedKit infections, following a series of investigations performed on URLQuery, we decided to go deeper to understand what was happening behind the curtains. RedKit is an exploitation pack that uses the following infection flow: We have this for today’s example: http://urlquery.net/report.php?id=1305873 and the resource is http://senreibehn.narod.ru/ A user visiting a page compromised with […]